nixos/envoy: add option requireValidConfig
to make config validation errors non-fatal
Co-authored-by: Vincent Haupert <vincent@yaxi.tech>
This commit is contained in:
parent
84220a7098
commit
8dade1f713
|
@ -6,12 +6,11 @@ let
|
||||||
cfg = config.services.envoy;
|
cfg = config.services.envoy;
|
||||||
format = pkgs.formats.json { };
|
format = pkgs.formats.json { };
|
||||||
conf = format.generate "envoy.json" cfg.settings;
|
conf = format.generate "envoy.json" cfg.settings;
|
||||||
validateConfig = file:
|
validateConfig = required: file:
|
||||||
pkgs.runCommand "validate-envoy-conf" { } ''
|
pkgs.runCommand "validate-envoy-conf" { } ''
|
||||||
${cfg.package}/bin/envoy --log-level error --mode validate -c "${file}"
|
${cfg.package}/bin/envoy --log-level error --mode validate -c "${file}" ${lib.optionalString (!required) "|| true"}
|
||||||
cp "${file}" "$out"
|
cp "${file}" "$out"
|
||||||
'';
|
'';
|
||||||
|
|
||||||
in
|
in
|
||||||
|
|
||||||
{
|
{
|
||||||
|
@ -20,6 +19,16 @@ in
|
||||||
|
|
||||||
package = mkPackageOptionMD pkgs "envoy" { };
|
package = mkPackageOptionMD pkgs "envoy" { };
|
||||||
|
|
||||||
|
requireValidConfig = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = true;
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
Whether a failure during config validation at build time is fatal.
|
||||||
|
When the config can't be checked during build time, for example when it includes
|
||||||
|
other files, disable this option.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
settings = mkOption {
|
settings = mkOption {
|
||||||
type = format.type;
|
type = format.type;
|
||||||
default = { };
|
default = { };
|
||||||
|
@ -55,7 +64,7 @@ in
|
||||||
requires = [ "network-online.target" ];
|
requires = [ "network-online.target" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${cfg.package}/bin/envoy -c ${validateConfig conf}";
|
ExecStart = "${cfg.package}/bin/envoy -c ${validateConfig cfg.requireValidConfig conf}";
|
||||||
CacheDirectory = [ "envoy" ];
|
CacheDirectory = [ "envoy" ];
|
||||||
LogsDirectory = [ "envoy" ];
|
LogsDirectory = [ "envoy" ];
|
||||||
Restart = "no";
|
Restart = "no";
|
||||||
|
|
|
@ -22,12 +22,33 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : {
|
||||||
clusters = [];
|
clusters = [];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
specialisation = {
|
||||||
|
withoutConfigValidation.configuration = { ... }: {
|
||||||
|
services.envoy = {
|
||||||
|
requireValidConfig = false;
|
||||||
|
settings.admin.access_log_path = lib.mkForce "/var/log/envoy/access.log";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
testScript = ''
|
testScript = { nodes, ... }:
|
||||||
machine.start()
|
let
|
||||||
machine.wait_for_unit("envoy.service")
|
specialisations = "${nodes.machine.system.build.toplevel}/specialisation";
|
||||||
machine.wait_for_open_port(80)
|
in
|
||||||
machine.wait_until_succeeds("curl -fsS localhost:80/ready")
|
''
|
||||||
'';
|
machine.start()
|
||||||
|
|
||||||
|
with subtest("envoy.service starts and responds with ready"):
|
||||||
|
machine.wait_for_unit("envoy.service")
|
||||||
|
machine.wait_for_open_port(80)
|
||||||
|
machine.wait_until_succeeds("curl -fsS localhost:80/ready")
|
||||||
|
|
||||||
|
with subtest("envoy.service works with config path not available at eval time"):
|
||||||
|
machine.succeed('${specialisations}/withoutConfigValidation/bin/switch-to-configuration test')
|
||||||
|
machine.wait_for_unit("envoy.service")
|
||||||
|
machine.wait_for_open_port(80)
|
||||||
|
machine.wait_until_succeeds("curl -fsS localhost:80/ready")
|
||||||
|
machine.succeed('test -f /var/log/envoy/access.log')
|
||||||
|
'';
|
||||||
})
|
})
|
||||||
|
|
Loading…
Reference in New Issue
Block a user